Help with fortigate VPN IPSEC

Post Reply
cdperez_DUP
Member
Posts: 15
Joined: 19 Dec 2007 09:31

Help with fortigate VPN IPSEC

Post by cdperez_DUP » 21 Dec 2007 08:03

Hello, set an IPSEC VPN in a firewall fortigate 200A and I connect with the customer VPN forticlient, the connection is carried out properly, but after a few seconds forticlient me an error that says: "VPN has trouble conecting with the remote gateway, retrying now ... if you don `t want to continue, press close button to terminate the connection." When i check the logs generated by forticlient tells me: program = (unknown) msg = loc_ip = w.x.y.z loc_port = 500 rem_ip = abcd rem_port = 500 out_if = 0 vpn_tunnel = testx status = negotiate_error msg = "Failed to acquire an IP address. .. someone knows which can be an issue in which my pc does not acquire ip address? I tested with static address and configuring a DHCP server but has not proved. Will be necessary to set up something extra in addition to the firewall VPN tunnel?

culloa
Member
Posts: 5
Joined: 30 Nov 2007 14:48
Location: Arica - Chile
Contact:

Re: Help with fortigate VPN IPSEC

Post by culloa » 21 Dec 2007 18:34

add ip address in:

run forticlient

select name conection
edit
advanced
virtual ip address
set ip site intranet and subnet mask + DNS
check

cdperez_DUP
Member
Posts: 15
Joined: 19 Dec 2007 09:31

Re: Help with fortigate VPN IPSEC

Post by cdperez_DUP » 23 Dec 2007 16:07

Hello, thanks for responding. I did what I propusiste and I accerder the intranet servers, but every minute around the connection is dropped and must be lifted again. To this might be? Thanks in advance. The log in the fortigate say this:

12 2007-12-23 17:39:10 error negotiate Negotiate SA Error: No matching gateway for new phase 1 request.
13 2007-12-23 17:39:02 error error Received ESP packet with unknown SPI.
14 2007-12-23 17:38:59 error error Received ESP packet with unknown SPI.
15 2007-12-23 17:38:56 error error Received ESP packet with unknown SPI.
16 2007-12-23 17:38:55 error negotiate Negotiate SA Error: No matching gateway for new phase 1 request.
17 2007-12-23 17:38:53 error error Received ESP packet with unknown SPI.
18 2007-12-23 17:38:50 error error Received ESP packet with unknown SPI.

culloa
Member
Posts: 5
Joined: 30 Nov 2007 14:48
Location: Arica - Chile
Contact:

Re: Help with fortigate VPN IPSEC

Post by culloa » 08 Jan 2008 07:28

test in diferent ISP (internet provider), or condition net (hot spot, university, ....)

test in diferent equipment (other laptop....)

download new forticlient from fortinet, is tis free for VPN, but no AVirus, firewall.

zbychad
Member
Posts: 1
Joined: 19 May 2008 09:26

Re: Help with fortigate VPN IPSEC

Post by zbychad » 21 May 2008 15:09

Hi,

I'm pretty sure you have to disable 'dead peer detection' in phase 1 config on fortigate.

Regards,
ZA

NABAMB
Member
Posts: 7
Joined: 15 Apr 2009 11:21

Re: Help with fortigate VPN IPSEC

Post by NABAMB » 03 Jun 2011 16:46

This post is old but I will reply anyway. The problem I see is that you created phase 2 and made some source and destination addresses which anyhow is not meeting at your client setting. Try to leave these source and destination addresses default which would be 0.0.0.0/0.

Regards,

NABAMB

allysaa
Member
Posts: 1
Joined: 27 Aug 2011 05:20

Re: Help with fortigate VPN IPSEC

Post by allysaa » 05 Sep 2011 06:30

What are the prerequisites of a Virtual Private Network? How do I actually go about installating a VPN? If I don't have a fixed IP address, can I still install a VPN? I have website via a web hosting company. To run a WAN application, do I have to install the shared files at the website?

kasheswari
Member
Posts: 1
Joined: 25 Oct 2011 05:36

Re: Help with fortigate VPN IPSEC

Post by kasheswari » 29 Oct 2011 02:01

Regarding a VPN with regards to connection? How exactly does it work. Can you like create a VPN and then use your home internet connection(say in US) to access the internet while you are say in say Japan. Or is it more like you connect to a network in Japan and then use your VPN to use the Japan network securely?

Post Reply

Return to “Fortigate Security”